Transaction number management method in network commodity sales

ABSTRACT

A cart ID according to the present invention is an identification code including receipt information containing at least a receipt number (serial number) indicating a receipt number of the transaction, and further unmeaning password information. Furthermore, it is preferable that the receipt information has date information in which the cart ID is issued. In this manner, the cart ID according to the present invention contains the password information in addition to the receipt information having conventional date information and the receipt number, whereby even when the cart ID is disclosed to the principal, it is possible to prevent another person from being informed thereof.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates generally to a transaction numbermanagement method in Internet commodity sale transactions, and moreparticularly, to security protection of transaction numbers.

2. Description of the Related Arts

Internet commodity sales are in a rapid spread. A user connects aterminal to Internet via a communication line, and displays a commoditysale site provided by a server managed by a commodity sale enterprise ona screen of the terminal.

The user operates the terminal, and selects a commodity which the userdesires from a plurality of commodities displayed in the commodity salesite. The selected commodity data are noticed to the server, whichtemporally stores the data in a predetermined file until a purchase ofthe commodity is determined. Namely, the selected commodity data aretemporally stored in the file of the server, and the condition iscompared to a condition that the selected commodity is entered into acart in contrast to a shopping at a conventional store. Therefore, thispredetermined file is called a cart file.

In order to discriminate each cart, the server provides a transactionnumber (cart ID) to the cart file. Namely, the transaction number (cartID) is provided to a single shopping transaction with the user. When theserver receives commodity data selected first in a certain shopping ofthe user, it issues a new cart ID, and stores the commodity dataselected in the cart file in response to the cart ID.

The issued cart ID is sent to the terminal, and is stored in theterminal by predetermined means. For example, the cart ID is stored in amemory unit (hard disk unit) of the terminal as a cookie. Alternatively,the cart ID is displayed on a terminal screen as a URL of a commoditysale site. Alternatively, the cart ID is written into a HTML document ofthe commodity sale site sent from the server. In this case, the HTMLdocument may be constituted so as not to display the cart ID on thescreen, but the cart ID written into the HTML document is held in theterminal.

When the user selects a next commodity, the commodity data are noticedto the server along with the cart ID. The server stores the commoditydata in the cart file corresponding to the cart ID. In this manner, evenin the case where the commodities are selected a plurality of timesbefore confirming the purchase in a single shopping by the user, aplurality of the commodity data can be stored in the same cart file.

Meantime, in many cases, a conventional cart ID was constituted by, forexample, date information such as an issue date, time, or the like and areceipt number of the cart ID. The receipt number is a serial numberindicating a number of the cart ID issued in the order of transactionreceipts on the date. For example, in the case where the 185-th cart IDon the date is issued at 9:26 p.m. on Feb. 28, 2000, the cart ID is“0002282126185.” In this manner, it is possible to manage the cart ID ina uni-sense by utilizing the serial number for the cart ID, therebyfacilitating the management of the cart ID.

However, the management of the cart ID by the receipt number causes adrawback in security. For example, in the case where such the cart ID isdisplayed as the URL at the terminal of the user, the user can readilyknow another person's cart ID. Accordingly, by inputting a digit codeassumed as the another person's cart ID as the URL, there is apossibility that a shopping data connected with the another person'scart ID is acquired from the server, so that the user can see it.Furthermore, the user can alter another person's order, too.

In order to solve such drawbacks, it is considered that the cart ID isnot displayed. Specifically, as described above, the cart ID is writteninto a memory unit of the terminal as a cookie, or is non-openlyincorporated into the HTML document, so that the cart ID can benon-disclosed.

However, the non-disclosure of the cart ID causes the followinginconveniences. Namely, in general, Internet sales enterprise has asupport system which receives a user's questions by a telephone call. Inthe case where the user telephones in the transaction during a commodityselection, as the user cannot tell the own cart ID, the enterprisecannot judge which transaction the user is talking about, so the usercan't get a smart and sufficient support.

Furthermore, in order to solve the aforesaid drawbacks, it is consideredthat the cart ID is encoded and the encoded ID is disclosed to the user.Namely, the cart ID containing information of a date, a time, and areceipt number is encoded by a password algorithm to form a random code,so that a sense included in the cart ID is not clarified to the user.Thus, it becomes difficult to analogize the other existent cart IDs.

However, encoding of the cart ID causes the below inconveniences.Namely, the encoding of the cart ID gives a large load on the server.Specifically, in the case where the cart ID is encoded, it is necessaryto encode in the server and also decode, and for this reason, a surplustime has to be taken.

Furthermore, in the case where the user puts a question to theenterprise having the aforesaid support system by a telephone call, theuser tells the disclosed encoded ID. Accordingly, unless the enterprisedecodes it once and acquires the cart ID, the enterprise cannot grasptransaction information of the user corresponding to the cart ID.Therefore, the enterprise cannot correspond promptly to the user. Inthis manner, when the cart ID itself containing the serial number is notdisclosed, the inconveniences are given to the user. It is thusundesirable.

SUMMARY OF THE INVENTION

It is therefore an object of the present invention to provide a methodand apparatus for managing transaction numbers which can ensure thesecurity, while laying open a cart ID (transaction number) containing aserial receipt number.

In order to attain the above object, a cart ID according to the presentinvention is an identification code including receipt informationcontaining at least a receipt number (serial number) indicating areceipt number of the transaction, and further unmeaning passwordinformation. Furthermore, it is preferable that the receipt informationhas date information in which the cart ID is issued. In this manner, thecart ID according to the present invention contains the passwordinformation in addition to the receipt information having conventionaldate information and the receipt number, whereby even when the cart IDis disclosed to the principal, it is possible to prevent another personfrom being informed thereof. For example, even when a mala fide usershifts the receipt number, and acquires another person's cart ID, as thepassword information is a random code, so far as the passwordinformation is not also coincident, the another person's cart ID cannotbe acquired. On the other hand, as the cart ID according to the presentinvention contains the date information and receipt number, it ispossible to utilize instantly these numbers without being decoded.

To achieve the above object, according to an aspect of the presentinvention, there is provided a method of managing transaction numbers incommodity sale transactions via a network, the method comprising thesteps of issuing a transaction number including receipt information andpredetermined password information, the receipt information containingat least a receipt number indicative of the order of receipt of apredetermined transaction with a user; and displaying the transactionnumber on a terminal of the user.

For example, the network may be Internet and the transaction number maybe displayed, as part of URL of Internet, on the terminal. Preferably,the receipt information of the transaction number contains date and timeat issuance of the transaction number. Preferably, the passwordinformation of the transaction number contains a plural-digit randomnumber. Preferably, the transaction number is issued when at least onecommodity is selected at the terminal, the transaction number beingutilized till the determination of purchase of the selected commodity.Preferably, the transaction number is issued when an access is made fromthe terminal to a system of the commodity sale transaction, thetransaction number being utilized till the determination of purchase ofthe commodity. In those cases, the transaction number may be invalidatedwhen a predetermined period of time elapses before the determination ofpurchase of the selected commodity after the issuance of the transactionnumber.

The method of the present invention preferably further comprises thestep of, when another transaction number is received which coincidesonly with either the receipt information or password information of thetransaction number, judging an improper access to the transaction numberto erase the transaction number to reissue a new transaction number.

The method of the present invention preferably further comprises thesteps of, when another transaction number is received which coincidesonly with either the receipt information or password information of thetransaction number, judging an improper access to the transaction numberto count the number of times of the access; and when a transactionnumber is received after the number of times of the access has reached apredetermined number of times, erasing the transaction number to reissuea new transaction number, and displaying the new transaction number onthe terminal.

The method of the present invention preferably further comprises thestep of, when another transaction number is received which coincidesonly with either the receipt information or password information of thetransaction number, judging an improper access making use of thetransaction number to delay a response to the terminal using the anothertransaction number.

The method of the present invention may further comprise the step of,upon detection of an improper access to the transaction number,notifying alarm information to a terminal which sent the anothertransaction number.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing a structural example of a computer networkaccording to an embodiment of the present invention;

FIG. 2 is a diagram showing a structural example of a server 10;

FIG. 3 is a flowchart of a method of managing a cart ID according to theembodiment of the present invention;

FIG. 4 is a flowchart of the method of managing the cart ID according tothe embodiment of the present invention;

FIG. 5 shows is an example of a screen displayed in a terminal 20;

FIG. 6 shows an example of the screen displayed in the terminal 20;

FIG. 7 shows an example of the screen displayed in the terminal 20;

FIG. 8 shows an example of the screen displayed in the terminal 20;

FIG. 9 shows an example of the screen displayed in the terminal 20;

FIG. 10 shows an example of the screen displayed in the terminal 20;

FIG. 11 is a flowchart of an order confirmation process;

FIG. 12 is a flowchart of a method of managing the cart ID according toanother embodiment of the present invention; and

FIG. 13 is a flowchart of a countermeasure method with respect to animproper access according to the embodiment of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Preferred embodiments of the present invention will now be described.However, a technical scope according to the present invention is notlimited to the embodiments of the present invention. In the embodimentsof the present invention, a personal computer will be described as anexample of a commodity which is sold on Internet.

FIG. 1 is a diagram showing a structural example of a computer networkaccording to the embodiment of the present invention. In FIG. 1, aserver 10 and a plurality of client terminals 20 are connected toInternet through a communication line. The server 10 is a server forproviding Internet sales site according to the embodiment of the presentinvention, and storing a HTML file for the site, various programs and adatabase explained below, and the like. Each terminal 20 is, forexample, a personal computer of a user, and comprises a control unitconstituted by a CPU or the like, a display unit such as a CRT display,a liquid crystal display, or the like, and an input unit such as a keyboard, a mouse, or the like. Furthermore, the HTML file is acquired fromthe server 10 at the terminal 20, and a browser 21 for displaying it onthe screen is installed.

FIG. 2 is a diagram showing a structural example of the server 10. Acontrol unit 11 is constituted by the CPU or the like. The control unit11 controls a readout of a file, a transfer of a file, each unit withinthe server 10, and retrieves a database, and issues the cart ID, andperforms a managing process such as erasing or the like, and performsvarious operation processes. A communication unit 12 controls atransmission and receipt of files and data. For example, thecommunication unit 12 receives data from the terminal 20, and transfersthem to the control unit 11, and further the files transferred from thecontrol unit 11 are sent to the terminal 20. Furthermore, the followingfiles are stored in a predetermined memory unit within the server 10.

A HTML file 13 is a file composed of a plurality of pages constitutingInternet sale site, and is described by a HTML (HyperText MarkupLanguage) language.

A main program file 14 has a program for reading out the HTML file totransfer it to the terminal 20; a program for processing data from theterminal 20; a program for retrieving a database; a program for buryingthe retrieval results in the HTML file; and a program for managing thecart ID.

A commodity database 15 stores a plurality of pieces of attributeinformation in response to all transaction commodities. For example, inthe case where the commodity is a personal computer, the attributeinformation is a product name, a price, a type (desktop type or notebooktype), and various functions of the personal computer. The functions area type of a CPU, a capacity of a memory, a capacity of a hard disk, atype of a display, presence or absence of a CD-ROM or DVD-ROM, and thelike. The attribute information of the commodity is converted into theHTML file, and is sent to the terminal 20, and is displayed on a screenof the terminal 20.

Furthermore, the server 10 comprises a cart file 16 for temporallystoring commodity data selected by a user by operating the terminal 20;and a purchase file 17 for storing the commodity data in which thepurchase is determined. The commodity data within the cart file 16 aremanaged according to a cart ID (transaction number) to be provided eachtime the user buys the commodity.

According to the embodiment of the present invention, this cart ID is anidentification code containing receipt information containing at least areceipt number (serial number) indicating a receipt order of thetransaction; and further unmeaning password information. Furthermore, itis preferable that the receipt information has date information in whichthe cart ID is issued. Namely,Cart ID=Date Information+Reception Number (Serial Number)+CipherInformationIn this manner, the cart ID according to the present invention containsthe password information in addition to the receipt information havingconventional date information and the receipt number, so that even whenthe cart ID is disclosed to the principal, it is possible to preventanother person from being informed thereof. For example, even when amala fide user shifts the receipt number, and acquires another person'scart ID, as the password information is a random code, so far as thepassword information is not also coincident, the another person's cartID cannot be acquired.

On the other hand, as the cart ID according to the present inventioncontains the date information and receipt number, it is possible toutilize instantly these numbers without being decoded. For example, whenthe user puts a question to a support center of an enterprise by atelephone call, the user tells the disclosed own cart ID, so that theenterprise can acquire the date information and receipt number (serialnumber) of the transaction without decoding the cart ID, and canpromptly cope with the user.

FIGS. 3 and 4 are flowcharts of a method of managing the cart IDaccording to the embodiment of the present invention. Furthermore, FIGS.5 to 10 are examples of a screen displayed in the terminal 20 in eachstep of the method of managing the cart ID. With reference to FIGS. 5 to10, FIGS. 3 and 4 will be described.

In FIG. 3, first, a user A utilizes a browser 21 of a terminal 20A, andaccesses Internet commodity sale site provided by the server 10 viaInternet (S10). The server 10 sends, for example, the HTML file for acommodity guide screen to the terminal 20A in response to the access(S11). The terminal 20A displays the HTML file sent on the screen (S12).At this point of time, the cart ID is not issued.

FIG. 5 is an example of a commodity guide screen. On the screen, anexplanation of a commodity (for example, a personal computer) isdisplayed. In FIG. 5, the user A inputs the quantity of the commodity,and clicks “Place the commodity on the cart”, so that the commodity isselected (S13). The selected commodity data are sent from the terminal20A to the server 10 (S14). The server 10 receives the commodity data.At this time, as the cart ID is not included in the commodity data inresponse to an initial commodity selection, the server 10 issues a newcart ID, and stores the commodity data in the cart file 16 together withthe cart ID (S15).

The cart ID to be issued contains date information as an issue date andan issue time; a receipt number on the issue date; and predeterminedpassword information. For example, in the case where the 185-th cart IDon the date is issued at 9:26 p.m. on Feb. 28, 2000, the cart ID is“00022821261856637864.” of this digit code, “0002282126185” of the upper13 digits is in sequence date information and a receipt number.“6637864” of the lower 7 digits is password information containing arandom number generated at random. This password information is not aserial number, and the number has no specified sense.

Incidentally, when the user A clicks “In the cart” on the screen of FIG.5 before the cart ID is issued, the screen shown in FIG. 6 is displayed.As the cart ID is not issued, the server 10 does not receive the cart IDtogether with a demand in response to “In the cart.” The server 10recognizes that the commodity is not selected, and the HTML file for thescreen shown in FIG. 6 is sent to the terminal 20A.

When the server 10 stores the commodity data in the cart file 16, theserver 10 sends the commodity data in response to the cart ID in thecart file 16 as the HTML file in order to identify the selectedcommodity (S16). FIG. 7 is an example of a selection identificationscreen. In FIG. 7, the name of commodity selected, etc. are displayed.Furthermore, the cart ID “00022821261856637864” is displayed as part ofa URL in a URL display part in the screen. Thus, the user A can know thecart ID in response to a present shopping.

Here, the user A operates to return the screen to a previous screen(clicks “Return” in an operation menu of an browser not shown) (S17).The terminal 20A sends a demand corresponding to “Return” together withthe cart ID (S18). Then, the server 10 sends the HTML file correspondingto the same commodity guide screen (FIG. 8) as the screen of FIG. 5 as ascreen prior to the present screen together with the cart ID (S19). Theterminal 20A displays the screen of FIG. 8 corresponding to the sentHTML file (S20). On the screen of FIG. 8, the cart ID is displayed inthe URL display part. In this manner, once the cart ID is issued, thecart ID is added to the data communicated between the server 10 andterminal 20A. Accordingly, even when the screen is changed during theuser A's selection of the commodity, the cart ID is always displayed inthe URL display part of the screen, and the user A can look at the cartID.

The user A clicks “In the cart” of FIG. 8 in order to identify theselected commodity in the present shopping (S21). The terminal 20A sendsa demand corresponding to “In the cart” together with the cart ID (S22).The server 10 receives the cart ID together with the demand. The server10 reads out the commodity data managed by the received cart ID from thecart file 16 (S23), and sends the HTML file for the commodityidentification screen in which the commodity data are buried togetherwith the cart ID (S24). The terminal 20A displays the commodityidentification screen of FIG. 9 in response to the sent HTML file (S25).On the screen of FIG. 9, the commodity data stored in the cart inresponse to the present cart ID are displayed. Of course, the cart ID isdisplayed in the URL display part. Here, the user A clicks “Continue theshopping” of FIG. 9, to display the other commodity guide screens (notshown), and continues a commodity selection.

Referring then to FIG. 4, while the user A selects a commodity, theserver 10 is accessed at a terminal 20Z of a mala fide user Z.Specifically, similar to the case of the user A, the terminal 20Zaccesses Internet commodity sale site provided by the serer 10 viaInternet (S30). The server 10 sends, for example, the HTML file for thecommodity guide screen to the terminal 20Z in response to the access(S31). The terminal 20Z displays on the screen of FIG. 5 in response tothe sent HTML file (S32). At this point of time, the cart ID has notbeen yet issued.

The user Z inputs the quantity of commodity selected arbitrarily, andclicks “Place it in the cart” (S33). Thus, the commodity is selected andthe commodity data are sent to the server 10 (S34).

When the server 10 receives the commodity data, a new cart ID is issued,and the commodity data are stored in the cart file 16 together with thecart ID (S35). The receipt number included in the issued cart ID islater than the receipt number included in the cart ID of the user A.Furthermore, the date information included in the cart ID of the user Zis the same time as that in the user A, or a time (or a date) later thanthat in the user A. Furthermore, the password information included inthe cart ID of the user Z is a number which has no connection with thatof the user A.

When the server 10 stores the commodity data in the cart file 16, thecommodity data corresponding to the cart ID in the cart file 16 are sentas the HTML file in order to confirm the selected commodity (S36). Theterminal 20Z displays the selection identification screen of FIG. 7(S37). However, the cart ID displayed as a part of the URL in the URLdisplay part is an ID issued to a shopping of the user Z.

Here, the user Z changes some part of the cart ID displayed in the URLdisplay part. For example, assume that the cart ID of the user Z is“0002821266186XXXXXXX.” Namely, the cart ID of the user Z is issued atthe same time as that of the user A, and has a next number of thereceipt number of the user A. Furthermore, the lower 7 digits “XXXXXXX”of the cart ID of the user Z is the password information containing arandom number generated at random by the server 10 as described above.

The user Z changes “186” as a receipt number part of the cart ID to aprevious number “185.” Furthermore, the user Z presumes that the dateinformation is same as in the user A, and the date information is not tobe changed. Thus, the date information and receipt number part of thecart ID displayed on the screen of the terminal 20Z of the user Z arecoincident with those of the user A. However, as the user Z cannotexpect at all a password information part of the cart ID of the user A,an arbitrary number “YYYYYYY” is given. This number is a numberdifferent from the password information of the cart ID of the user A.

The user Z changes the displayed cart ID to “0002282126185YYYYYYY,” anddepresses an “ENTER” button of the terminal 20Z (S38). Thus, a demand ofthe HTML file in response to the URL containing the cart ID is sent tothe server 10 (S39). When the server 10 receives the demand from theterminal 20Z, it searches the interior of the cart file 16 for thereceived cart ID. However, the received cart ID does not exist. Thereceived cart ID coincides with the cart ID of the user A in the dateinformation and receipt number part, but as the password informationpart is different, they do not coincide with the cart ID.

When the server 10 judges that the received cart ID is different fromthe cart ID of the user A in only the password information part, theserver 10 recognizes that an improper access is performed to the cart IDof the user A, and counts improper access every cart ID (S40).Furthermore, the alarm information is sent to the terminal 20Z of theuser Z (S41). At the terminal 20Z, the alarm information shown in FIG.10 is displayed overlaid on the screen displayed currently (screen ofFIG. 6) (S42). The alarm information is vanished from on the screen byclicking an OK button of FIG. 10.

Incidentally, in the case where both of the date information and receiptnumber part of the received cart ID and the password information partare not coincident with either of those of the cart ID in the cart file16, the server 10 does not count the number of times of the access andnotices only the alarm information. Incidentally, in the case where thecart ID which coincides with only the password information part of thereceived cart ID exists in the cart file 16, the server 10 judges thatthe improper access is done, and counts the number of times of access inthe cart ID as a target of the improper access. Similarly, the alarminformation is notified.

The user Z erases the alarm information, and changes the passwordinformation to another digit code again, and repeats the access to theserver 10. Namely, steps S38 to S42 are repeated. Each time the improperaccesses are repeated, the alarm information shown in FIG. 10 isdisplayed. Therefore, the user Z has to operate to erase it.Accordingly, it is possible to delay the improper access by the user Z.

As the password information part has a plurality of digits containing arandom number (7 digits in this embodiment), the probability isextremely low that the password information of the cart ID input at aguess by the user Z coincides with that of the cart ID of the user A.Each time the server 10 judges that it is an improper access, the server10 counts the number of times of accesses. When the number of times ofthe improper accesses to the cart ID of the user A reaches N times (forexample, three times), the server 10 erects a flag (FL) for the cart IDof the user A in the cart file 16 (S43). When the server 10 erects theflag for the cart ID, when the server 10 next receives the cart ID, theserver 10 erases the cart ID from the cart file 16 and reissues anothercart ID.

Assume that, in a condition that a flag is erected in the cart ID of theuser A, the user A per se accesses the server. This is, for example, thecase where the user A selects an additional commodity on the commodityguide screen, and clicks “Place it in the cart” (S44). In this case, thecart ID of the user A is sent to the server 10 together with thecommodity data (S45). As a flag is erected in the cart ID of the user Ain the cart file 16, when the server 10 receives the cart ID of the userA, the server 10 invalidates the received cart ID of the user A(preferably, erases it), and reissues the cart ID of the user A (S46).Furthermore, the flag erected is lowered. The server 10 sends the HTMLfile of the selection identification screen (FIG. 7) containing the cartID reissued to the terminal 20A.

The cart ID reissued has the date information and receipt number at thetime of re-issuance, and further contains the password informationcontaining a random number generated newly. Accordingly, the dateinformation and receipt number part of the cart ID of the user Areissued are different from them in the ex-cart ID of the user A, andthe cart ID containing a number called “185” in the receipt number partdoes not exist in the cart file 16. Accordingly, even when the user Ztries to access many times, the improper access is never succeeded.

In this manner, the cart ID according to the embodiment of the presentinvention has the date information and receipt number as well as thepassword information. Since the password information contains a randomnumber having no specific sense, it is impossible to decode anotherperson's password information part in effect. Accordingly, even when thedate information and receipt number part are disclosed, the improperaccess can be prevented. According to the embodiment of the presentinvention, further, in the case where the number of times of theimproper access reaches the predetermined one, in order to makeperfection more perfect in security of the cart ID, the cart ID as atarget of the improper access is reissued. Specifically, as describedabove, when the server detects an access by the cart ID in which thedate information and receipt number coincide with each other, but thepassword information does not coincide with each other, or an access bythe cart ID in which the date information and receipt number do notcoincide with each other, but the password information coincides witheach other, the server 10 recognizes it as the improper access to thereally existing cart ID containing the coincident part, and counts thenumber of times of access. After the number of times of access to thecart ID as a target of the improper access reaches the predeterminednumber of times, when the server 10 detects the access by the cart ID,the server 10 erases the cart ID and reissues a new cart ID. Thus, asthe cart ID as the target of the improper access does not exist, theimproper access can fully be prevented.

FIG. 11 is a flowchart of an order confirmation process by the user A.In FIG. 11, when the user A ends a commodity selection, the user Aclicks a “Purchase” button on the screen of FIG. 7, 8, or 9 (S50). Thepurchase confirmation notice is sent to the server 10 together with thecart ID (S51). When the server 10 receives the purchase confirmationnotice, the server 10 transfers the commodity data managed by thereceived cart ID to a purchase file 17 in the cart file 16 (S52).Namely, the cart ID and commodity data are erased from the cart file 16.On the other hand, the commodity data transferred to the purchase file17 are managed by an order ID to be newly issued.

When the commodity data are stored in the purchase file 17, it isimpossible to change the purchase after the point of time. Because thepurchase file 17 is an access disable file. On the other hand, the cartfile 16 is a file which can be accessed by the terminal 20 so as tocancel the once selected commodity, and add, change, or the like thecommodity to be purchased. Accordingly, there is a danger of theimproper access from the other users, and according to the aforesaidembodiment, the improper access to the accessible cart file 16 isprevented.

The server 10 sends the HTML file in response to a purchase confirmationscreen (not shown), and notices the order ID to the user A (S53).Furthermore, the purchase confirmation may separately be noticed by anelectronic mail. Alternatively, it may be noticed by a mail service.

Furthermore, according to the embodiment of the present invention, whena predetermined period of time or more has elapsed from the issue timebefore the issued cart ID is erased by the aforesaid purchaseconfirmation, the issued cart ID may automatically be erased. Thepredetermined period of time is, for example, 2 days (48 hours). In thecase where the user selects the commodity and places the commodity datain the cart file 16, while the user disconnects the transaction, inorder to clear the transaction, the server 10 erases the commodity dataand cart ID in the cart file 16 corresponding to the transaction.

Accordingly, after a predetermined period of time or more has elapsedfrom the issue time of the cart ID, even when the user desires tocontinue the disconnected transaction, the cart ID and commodity dataare erased in the cart file. Therefore, the user cannot continue totransaction. It is assumed that the user has doubts about the matter andtelephones to the support center. Even in this case, the terminal of theuser displays the cart ID issued prior to the disconnection of thetransaction by a history storage function of the browser. Accordingly,the user can send the displayed cart ID to the support center. As thecart ID includes time information at the time of the issue, the supportcenter can forthwith judge that 2 days or more have elapsed after theissue of the cart ID, and can promptly answer the user that thetransaction is cleared. In the case where the cart ID is non-displayed,or is all encoded as in the prior art, in order to perform a retrievalprocess or decode process of the cart ID, it is necessary for the userto wait for a while during the telephone call. However, according to theembodiment of the present invention, it is possible to promptly answerthe user, and contribute to enhance a service of the support center.

Next, a method of managing the cart ID according to another embodimentof the present invention will be explained.

FIG. 12 is a flowchart of the method of managing the cart ID accordingto another embodiment of the present invention. Incidentally, only acharacteristic process part according to this embodiment will bedescribed, and the other processes are same as a process contentexplained by use of FIGS. 3 and 4. Therefore, the description isomitted.

In the process of the embodiment in FIGS. 3 and 4, the cart ID is issuedat the point of time when a commodity is selected. On the contrary, thisembodiment differs mainly in that the cart ID is issued at the point oftime when Internet commodity sale site provided by the server 10 isaccessed by the terminal 20A.

In FIG. 12, first, the user A utilizes the terminal 20A (browser 21) toaccess Internet commodity sale site provided by the server 10 viaInternet.

The server 10 newly issues the cart ID in response to the access andstores it in the cart file 16 (S61). A form of this cart ID and a methodof forming it are same as in the aforesaid embodiment.

Furthermore, the server 10 sends to the terminal 20A the HTML file forthe commodity guide screen containing the cart ID issued newly (S62).

The terminal 20A displays the sent HTML file on the screen (S63). Thecart ID is displayed as part of the URL in the URL display part of thecommodity guide screen displayed.

When the user A selects the commodity (S64), the selected commodity dataand cart ID are sent from the terminal 20A to the server 10 (S65).

The server 10 stores the commodity data in the corresponding cart file16 based on the cart ID received together with the commodity data fromthe terminal 20A (S66).

Furthermore, in order to identify the selected commodity, the server 10sends the HTML file for the selection identification screen to theterminal 20A (S67).

According to the aforesaid embodiment, when returning to a conditionprior to issuing the cart ID by utilizing the history storage functionof the browser after the cart ID has been issued, such a phenomenonoccurs that the cart ID is not displayed in the URL display part.

On the contrary, according to this embodiment, since the cart ID isissued at the point of time when the user accesses the commodity salesite, as far as perusing a page within this site, the cart ID is alwaysdisplayed in the URL display part, so that it becomes possible toprevent the occurrence of the phenomenon.

Furthermore, another embodiment in a countermeasure method of theimproper access in FIG. 4 will be described.

FIG. 13 is a flowchart of the countermeasure method of the improperaccess according to another embodiment of the present invention.Incidentally, only a characteristic process part according to thisembodiment is described, and the other processes are same as the processcontent described by use of FIG. 4. Therefore, the description isomitted.

In the process of FIG. 4, the number of times of the access is countedwith respect to the improper access by the mala fide user Z, and thealarm information is displayed, and in the case where the number oftimes of access is the predetermined number of times N or more, the cartID which is being used so far is invalidated.

In the process of FIG. 13, in the case where the number of times ofaccess as the improper access is less than the predetermined number oftimes N, and the predetermined number of times M or more, it is acharacteristic process that a reply to the terminal 20Z which is beingutilized by the user Z is intensively delayed.

First, when the server 10 judges that the improper access by the cart IDchanged by the user Z was made, the server 10 starts counting the numberof times of access in the cart ID as the target of the improper access(S40).

When the number of times of access is less than N times (here, forexample, 7 times) and less than M times (for example, 3 times), thealarm information is promptly noticed to the terminal Z. However, whenthe number of times of access is less than N times and M times or more,the server 10 delays more than a normal response (S71), and thereafternotices the alarm information to the terminal 20Z (S41). Incidentally, adelay time may be increased in proportion to an increase in the numberof times of access. In this manner, the response to the mala fide useris delayed, so that the improper access operations can be prevented.

According to the present invention, as set forth hereinabove, it ispossible to prevent the improper access to the cart file which storestemporally the selected commodity data prior to the purchaseconfirmation in Internet commodity sales.

The scope of protection of the present invention is not intended to belimited to the above embodiments and covers the invention as defined inthe appended claims and equivalents thereof.

1. A method of a transaction system managing transaction sessionidentifiers in commodity sale transactions via a network, comprising:issuing, when a user with a terminal starts a transaction session viathe network, a session identification code that comprises a combinationof a serial number and a predetermined security token, where the serialnumber identifies the started transaction session and indicates atransaction order in which the transaction with the user was startedrelative to other transactions of the transaction system, and where theissued session identification code is used by the transaction system toidentify and manage the transaction session when the user, by exchangesvia the network between the user's terminal and the transaction system,interactively adds/removes commodities to/from the transaction sessionbefore its completion; and transmitting the identification code to theuser's terminal during the transaction session such that if it isreceived by the terminal of the user the terminal will display theidentification code on the terminal of the user.
 2. The method ofmanaging transaction numbers according to claim 1, wherein the networkis the Internet.
 3. The method of managing transaction sessionidentifiers according to claim 2, further comprising: displaying thesession identification code, as part of a Uniform Resource Locator (URL)of the Internet, on the user's terminal.
 4. The method of managingtransaction session identifiers according to claim 1, wherein the serialnumber of the session identification code contains date and time atissuance of the session identification code.
 5. The method of managingtransaction session identifiers according to claim 1, wherein thesession identification code is issued when at least one commodity isselected at the user's terminal, the identification code being utilizeduntil the user decides to purchase the selected commodity.
 6. The methodof managing transaction session identifiers according to claim 5,wherein the session identification code is invalidated when apredetermined period of time elapses before the user decides to purchasethe selected commodity after the issuance of the session identificationcode.
 7. The method of managing transaction session identifiersaccording to claim 1, wherein the session identification code is issuedwhen an access is made from the user's terminal to the system of thecommodity sale transaction, the session identification code beingutilized until the user decides to purchase the commodity.
 8. The methodof managing transaction numbers according to claim 1, furthercomprising: when another session identification code is received whichcoincides only with either the serial number or security token of theidentification code, judging an improper access to the identificationcode to erase the session identification code to reissue a new sessionidentification code.
 9. The method of managing transaction sessionidentifiers according to claim 8, further comprising: upon detection ofan improper access to the session identification code, notifying alarminformation to a terminal which sent the other identification code. 10.A method according to claim 1, wherein the security token comprises astring that is not derived from or based on transaction order andsubstantially uniquely identifies the transaction from othertransactions.
 11. A method according to claim 1, wherein the securitytoken is substantially random relative to other transaction securitytokens.
 12. A method according to claim 1, wherein the identificationcode is issued before the user indicates that the transaction iscomplete and wherein the user adds a commodity to the transaction afterthe identification code is issued and before the transaction iscomplete.
 13. A method of managing transaction numbers in commodity saletransactions via a network, comprising: issuing an identification codethat comprises receipt information and predetermined passwordinformation, the receipt information comprising a serial number thatindicates the order in which a predetermined transaction with a user wasreceived; displaying the identification code on a terminal of the user;when another identification code is received that coincides only witheither the receipt information or password information of theidentification code, judging an improper access to the identificationcode to count the number of times of the access; and when aidentification code is received after the number of times of the accesshas reached a predetermined number of times, erasing the identificationcode to reissue a new identification code, and displaying the newidentification code on the terminal.
 14. A method of managingtransaction numbers in commodity sale transactions via a network,comprising: issuing an identification code that comprises receiptinformation and predetermined password information, the receiptinformation comprising a serial number that indicates the order in whicha predetermined transaction with a user was received; displaying theidentification code on a terminal of the user; and when anotheridentification code is received that coincides only with either thereceipt information or password information of the identification code,judging an improper access making use of the identification code todelay a response to the terminal using the another identification code.15. A computer apparatus acting as a server providing commodity saletransaction sites on the Internet, the computer apparatus executingtransactions via the Internet with a user's Internet terminal, thecomputer apparatus comprising: an issuance unit to issue, when the userwith a terminal starts a transaction session via the Internet, a sessionidentification code that comprises a combination of a serial number anda predetermined security token, where the serial number identifies thestarted transaction session and indicates a transaction order in whichthe transaction with the user was started relative to other transactionsof the transaction system, and where the issued session identificationcode is used by the transaction system to identify and manage thetransaction session when the user, by exchanges via the Internet betweenthe user's terminal and the transaction system, interactivelyadds/removes commodities to/from the transaction session before itscompletion; and a communication unit to send the identification code tothe user's terminal during the transaction session such that if it isreceived by the terminal of the user the terminal will display theidentification code on the terminal of the user.
 16. A computerapparatus acting as a user's Internet terminal, the computer apparatusexecuting transactions via the Internet with a server providingcommodity sale transaction sites on the Internet, the computer apparatuscomprising: a communication unit to receive a session identificationcode issued from the server when the user starts a transaction sessionvia the Internet, the session identification code comprising acombination of a serial number and a predetermined security token wherethe serial number identifies the started transaction session andindicates a transaction order in which the transaction with the user wasstarted relative to other transactions of the transaction system, andwhere the issued session identification code is used by the transactionsystem to identify and manage the transaction session when the user, byexchanges via the network between the user's terminal and thetransaction system, interactively adds/removes commodities to/from thetransaction session before its completion; and transmitting theidentification code to the user's terminal during the transactionsession such that if it is received by the terminal of the user theterminal will display a display unit to display thereon theidentification code as part of Internet URL.
 17. A computer programproduct allowing a computer that executes a commodity sale transactionvia the Internet with a user, which, when executed by a computer, causesthe computer to perform operations comprising: issuing, when a user witha terminal starts a transaction session via the network, a sessionidentification code that comprises a combination of a serial number anda predetermined security token, where the serial number identifies thestarted transaction session and indicates a transaction order in whichthe transaction with the user was started relative to other transactionsof the transaction system, and where the issued session identificationcode is used by the transaction system to identify and manage thetransaction session when the user, by exchanges via the network betweenthe user's terminal and the transaction system, interactivelyadds/removes commodities to/from the transaction session before itscompletion; and transmitting the identification code to the user'sterminal during the transaction session such that if it is received bythe terminal of the user the terminal will display the identificationcode on the terminal of the user.
 18. A method of managing transactionnumbers in commodity sale transactions via a network, the methodcomprising: issuing a transaction number including receipt informationand predetermined password information, the receipt informationcontaining at least a receipt number indicative of the order of receiptof a predetermined transaction with a user; displaying the transactionnumber on a terminal of the user; when another transaction number isreceived which coincides only with either the receipt information orpassword information of the transaction number, judging an improperaccess to the transaction number to count the number of times of theaccess; and when a transaction number is received after the number oftimes of the access has reached a predetermined number of times, erasingthe transaction number to reissue a new transaction number, anddisplaying the new transaction number on the terminal.
 19. A method ofsecurely conducting an online transaction to purchase a commodity, themethod comprising: starting, over a network, a transaction sessionbetween a user's client and a transaction server, where the transactionsession is for purchasing a commodity using the transaction server;responsive to the starting of the transaction session, issuing over thenetwork from the server to the client a session identifier string, wherethe session identifier string comprises a combination of a transactionidentifier and a security token, where the transaction identifieridentifies and orders the transaction session relative to othertransaction sessions handled by the transaction server, where thesecurity token substantially uniquely identifies the transaction sessionrelative to the other transaction sessions including other transactionsessions of the user; and automatically receiving and displaying thesession identifier at the client and allowing the user to interactivelyadd and remove commodities to be purchased via the transaction sessionduring different client-server exchanges that are linked by thetransaction server as a single session by the transaction server usingthe displayed session identifier.
 20. A method according to claim 19,wherein the client comprises a browser and the session identifier isdisplayed by the browser as a URL of a current page displayed by thebrowser.